Introduction to Bitcoin Programming with BitcoinJS and Bitcoin Core

Bitcoin Script Puzzles

Bitcoin scripts can be puzzles of any sort; they do not have to depend on knowledge of a secret key. Complex scripts are replaced by shorter fingerprints (hashes) in the transaction output, which allows for smaller transactions and lower fees.

Scripts can be hashed and encoded as a bitcoin address, hence the term Pay to Script Hash (P2SH), and sending money to such an address works the same as sending to a public key hash address.

P2SH shifts the transaction fee cost of a long script from the sender to the recipient, who has to include the full redeem script in the input to spend the UTXO. In doing so, P2SH also relieves blockchain data storage, since the redeem script is not kept in the UTXO-set database.

Finally, P2SH shifts the data storage burden for the long script from the present time (locking of funds) to a future time (spending of funds).

However, puzzles that do not require a signature are insecure. When a transaction is not signed, nothing binds its outputs to the solution: anyone who sees the unlocking script (for example in the mempool, before the transaction confirms) can rewrite the transaction to send the value to their own address instead.

Except for hard computational puzzles, if we have the redeem script, we can derive the unlocking script from it.

Algebra Puzzle - Legacy P2SH

To follow along this tutorial and enter the commands step-by-step:

Type node in a terminal (after cd into ./code) for a JavaScript prompt

Open the Bitcoin Core GUI console or use bitcoin-cli for the Bitcoin Core commands

We don't need to sign this transaction since the redeem script doesn't ask for a signature.

Get the raw hex serialization.

No build step is needed here, as we have already called buildIncomplete.

console.log('tx.toHex() ', tx.toHex())

Inspect the raw transaction with Bitcoin Core CLI, check that everything is correct.

$ decoderawtransaction "hexstring"

Broadcasting the transaction

It's time to broadcast the transaction via Bitcoin Core CLI.

$ sendrawtransaction "hexstring"

Inspect the transaction.

$ getrawtransaction "txid" true

Observations

We can decode the unlocking script in the Bitcoin Core CLI with decodescript. You will notice that it is the concatenation of the hex values of the specified opcodes, OP_2 and OP_3, and the redeem script OP_ADD OP_5 OP_EQUAL.

Be aware that the hex script in the transaction is the serialized version, in which the redeem script is preceded by its byte length. In order to decode the script we need to remove this length byte.

$ decodescript 5253935587

Algebra Puzzle - Native Segwit P2WSH

To follow along this tutorial and enter the commands step-by-step:

Type node in a terminal (after cd into ./code) for a JavaScript prompt

Open the Bitcoin Core GUI console or use bitcoin-cli for the Bitcoin Core commands

Create the input by referencing the outpoint of our P2SH funding transaction.

txb.addInput('TX_ID', TX_VOUT)

Create the output, leaving 100 000 satoshis as mining fees.

txb.addOutput(p2wpkhAlice0.address, 999e5)

Prepare the transaction.

const tx = txb.buildIncomplete()

Creating the witness

Now we can update the transaction with the version byte 0 and the witness program, which will be placed in the scriptSig field, and with the witness, composed of the solution to our maths problem (witness stack) and the maths problem itself (witness script).

When we are spending from a P2WSH UTXO, the witness script hash is produced automatically. However, when we are spending from a P2SH UTXO (our P2SH-P2WSH is a regular P2SH UTXO), we need to place the witness script hash ourselves in the scriptSig, preceded by a 0 version byte so that the interpreter recognizes that it actually is a witness program. If the version byte is 0 and the witness program is 32 bytes, it is interpreted as a P2WSH program.

The scriptSig is then interpreted as P2WSH and triggers the execution of the witness script.

Computational Puzzle: SHA-1 Collision

To follow along this tutorial and enter the commands step-by-step:

Type node in a terminal (after cd into ./code) for a JavaScript prompt

Open the Bitcoin Core GUI console or use bitcoin-cli for the Bitcoin Core commands

Use bx aka Libbitcoin-explorer as a handy complement

On September 13, 2013, Peter Todd, a renowned Bitcoin Core developer, announced a bounty on the BitcoinTalk forum. As he explains himself, "rewards at P2SH addresses are available for anyone able to demonstrate collision attacks against a variety of cryptographic algorithms. You collect your bounty by demonstrating two messages that are not equal in value, yet result in the same digest when hashed. These messages are used in a scriptSig, which satisfies the scriptPubKey storing the bountied funds, allowing you to move them to a scriptPubKey (Bitcoin address) of your choice".

In order to push data we should use OP_PUSHDATA. Here, given the length of the values, we should use OP_PUSHDATA2, followed by two bytes that contain the number of bytes to be pushed onto the stack, in little-endian order. Fortunately, BitcoinJS takes care of that for us. If you inspect InputScriptP2SH, you will see that the values are preceded by 4d4001. 4d is the OP_PUSHDATA2 opcode.

We don't need to sign this transaction since the redeem script doesn't ask for a signature.

Get the raw hex serialization.

No build step is needed here, as we have already called buildIncomplete.

console.log('tx.toHex() ', tx.toHex())

Inspect the raw transaction with Bitcoin Core CLI, check that everything is correct.
